News & Views

Osirium Ransomware Index

UK businesses are not sufficiently protecting the backups, or backup systems which will be critical to their recovery should a cyberattack occur, says the findings from Osirium’s Ransomware Index (www.osirium.com/documents/osirium-ransomware-index).

“Online backups are at significant risk because, in the event of a ransomware attack, the backup system faithfully takes copies of the infected data and thus renders the backups useless,” explains David Guyatt, CEO at Osirium.

“A multi-layered approach to managing these systems is needed.  Keeping offline backups is key but protecting access to the backup management system and related backup files is critical to prevent infection.  Nearly three quarters (73%) of respondents stated that backups are a key element to recovery, so more attention needs to be paid to protecting them.”

According to the research, 80% of small businesses rely on backups as a plan of recovery should a cyber-attack occur, with 63% of these using online backups as a preventative measure in avoiding data loss.  Overall, nearly 80% of respondents admitted that they have experienced at least one ransomware attack; with 68% of these stating the attack occurred in the past year.  Interestingly, despite 98% of respondents saying they were aware that backups are a target of ransomware attacks, over half (56%) do not keep offline backups and only 35% take extra precautions to protect access to backups and backup management systems.

Nearly 60% of UK businesses say they only feel ‘somewhat prepared’ for the eventuality of a ransomware attack, and if they were to fall victim to a ransomware attack, the main and immediate concerns for the IT managers surveyed would be backup failure (31%), data protection/GDPR breach (28%), sensitive and financial record breaches (27%) and overall costs to the business (27%).  However, 1 in 10 also added they would also stress about the prospect of being fired.

“Ransomware attacks should be managed as ‘when they will happen,’ not ‘if’.  Getting fundamental protections in place can make all the difference in preventing the spread of an attack, and recovering in hours or days rather than weeks or months.  The Osirium Ransomware Index highlights where threats are highest and recommends actions to prioritize in response,” comments Guyatt.